User Authentication

This section lists and describes the methods supported for authenticating the HVR Hub Server user and HVR Agent user. In Fivetran HVR, users typically refer to individuals who interact with the HVR Hub and HVR Agent. Access to the HVR Hub and HVR Agent is managed through user accounts and a user permissions system. A user account consists of a username and password used for authentication.

You can set the authentication method for a user only during user creation in HVR. When you create a user, they are added to the HVR repository.

By default, all user authentication methods in HVR require the user to exist in the HVR repository before authentication can proceed. However, when user provisioning is enabled, users who do not exist in the repository are automatically added after they successfully log in using an external authentication method (such as PAM, Plugin, SAML, or Windows).

To manually add a user in HVR, use one of the following options in the HVR UI or command-line interface (CLI):

• For HVR Hub users, use the Add User option in the HVR UI or the hvruserconfig command (options -A, -c) in the CLI.

• For HVR Agent users, use the Add User option in the HVR UI or the hvragentuserconfig command (options -A, -c) in the CLI.

User Authentication Methods

The following user authentication methods are available in HVR:

• Kerberos
• Local
• PAM
• Plugin
• SAML Since v6.2.5/2
• Windows

Kerberos

The user is authenticated using the Kerberos authentication method. To use this authentication method, Kerberos must be configured on the user's machine or network.

Local

The user is authenticated using the username and password of a local user. In this authentication method, the user account credentials are created and stored locally in the HVR system.

PAM

The user is authenticated using the username and password of a user available in the Pluggable Authentication Module (PAM). PAM is a service that validates user credentials on Linux and Unix systems, serving as an alternative to the traditional local (username/password) authentication (e.g., checking the /etc/passwd file).

To use this authentication method, PAM must be configured in the user machine or network. In this authentication method, HVR uses the PAM authentication service to authenticate a user on Linux and Unix systems.

The default PAM authentication service used is login. To use a different PAM service, you must configure the PAM Authentication Settings using the HVR UI or CLI:

• For HVR Hub users, use the PAM Authentication Settings option in the HVR UI or the hvrreposconfigcommand in the CLI.

• For HVR Agent users, use the Advanced Authentication Options for PAM in the HVR UI or the hvragentconfig command in the CLI.

Plugin

The user is authenticated using a custom authentication plugin. In this authentication method, HVR allows you to supply your own plugin for authenticating the users. The custom plugin file must be named as hvrauth and saved in the HVR_CONFIG/plugin/authentication/ directory. An example of the custom authentication plugin can be found in the HVR_HOME/plugin_examples/authentication/ directory.

SAML

Since v6.2.5/2

The user is authenticated by a third-party identity provider using SAML 2.0. To use this authentication method, you must configure SSO for the HVR Hub.

Windows

The user is authenticated using a username and password of the Windows user available in the Active Directory (AD). In this authentication method, HVR uses the Windows user account to authenticate a user.

See Also

• Command hvruserconfig
• Command hvragentuserconfig
• Setting up HVR Hub
• Configuring HVR Agent
• Users
• User Provisioning